Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/iKOGyCb5kgZR3Am8b8oy8r6kvco.roa
File: iKOGyCb5kgZR3Am8b8oy8r6kvco.roa (raw, json)
Hash identifier: bUtpzpDKKchUx3RZxiA1iE1CvS63gqkkNoQnkKwr4s0=
Subject key identifier: 88:A3:86:C8:26:F9:92:06:51:DC:09:BC:6F:CA:32:F2:BE:A4:BD:CA
Certificate issuer: /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial: 019D297D1F7B0B710601FC9A4A93473D5781
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/iKOGyCb5kgZR3Am8b8oy8r6kvco.roa
Signing time: Thu 26 Mar 2026 09:32:39 +0000
ROA not before: Thu 26 Mar 2026 09:32:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 25211
IP address blocks: 45.141.233.0/24 maxlen: 24
45.141.234.0/24 maxlen: 24
78.159.128.0/24 maxlen: 24
78.159.129.0/24 maxlen: 24
78.159.131.0/24 maxlen: 24
78.159.136.0/24 maxlen: 24
78.159.137.0/24 maxlen: 24
78.159.138.0/24 maxlen: 24
78.159.139.0/24 maxlen: 24
78.159.149.0/24 maxlen: 24
78.159.150.0/24 maxlen: 24
78.159.152.0/22 maxlen: 22
78.159.153.0/24 maxlen: 24
78.159.154.0/24 maxlen: 24
78.159.155.0/24 maxlen: 24
78.159.157.0/24 maxlen: 24
78.159.158.0/24 maxlen: 24
78.159.159.0/24 maxlen: 24
91.92.34.0/24 maxlen: 24
91.92.35.0/24 maxlen: 24
91.92.40.0/24 maxlen: 24
91.92.42.0/24 maxlen: 24
91.92.44.0/24 maxlen: 24
91.92.45.0/24 maxlen: 24
91.92.46.0/24 maxlen: 24
91.92.49.0/24 maxlen: 24
91.92.50.0/24 maxlen: 24
91.92.51.0/24 maxlen: 24
91.92.52.0/24 maxlen: 24
91.92.53.0/24 maxlen: 24
93.152.207.0/24 maxlen: 24
93.152.208.0/24 maxlen: 24
93.152.210.0/24 maxlen: 24
93.152.211.0/24 maxlen: 24
93.152.214.0/24 maxlen: 24
93.152.215.0/24 maxlen: 24
93.152.216.0/24 maxlen: 24
93.152.217.0/24 maxlen: 24
93.152.218.0/24 maxlen: 24
93.152.221.0/24 maxlen: 24
93.152.222.0/24 maxlen: 24
93.152.223.0/24 maxlen: 24
93.152.226.0/24 maxlen: 24
93.152.227.0/24 maxlen: 24
94.26.28.0/24 maxlen: 24
94.26.29.0/24 maxlen: 24
94.26.76.0/22 maxlen: 22
94.26.76.0/24 maxlen: 24
94.26.77.0/24 maxlen: 24
94.26.78.0/24 maxlen: 24
94.26.79.0/24 maxlen: 24
94.26.89.0/24 maxlen: 24
94.26.90.0/24 maxlen: 24
94.190.195.0/24 maxlen: 24
185.96.252.0/24 maxlen: 24
185.96.253.0/24 maxlen: 24
185.96.254.0/24 maxlen: 24
185.96.255.0/24 maxlen: 24
212.102.105.0/24 maxlen: 24
212.102.107.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:29:7d:1f:7b:0b:71:06:01:fc:9a:4a:93:47:3d:57:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Validity
Not Before: Mar 26 09:32:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=88a386c826f9920651dc09bc6fca32f2bea4bdca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:e4:79:dc:cf:d6:fe:61:36:b3:b1:b0:f6:10:
17:2f:63:7b:99:3f:b0:1a:0f:ab:ec:6d:c0:5e:fd:
83:63:e0:fb:83:98:3d:f8:b7:58:b0:d5:3c:be:6f:
0a:c3:75:0a:9a:68:01:df:ba:71:4a:d2:07:6e:a4:
a4:82:24:e4:1d:38:e7:69:3b:00:fe:52:eb:0b:77:
48:3e:72:3d:d4:b2:59:e5:0a:ba:cd:a1:2d:01:ac:
dd:5a:30:8b:17:a4:db:0c:45:27:a6:e6:54:cc:4a:
15:d0:75:45:b9:8d:09:c6:af:6a:33:ef:34:4a:c4:
cb:ab:49:6b:8b:3e:18:84:84:e7:2e:45:aa:8a:d5:
0c:ce:36:c4:55:ed:cd:e5:6f:79:fc:e4:85:53:47:
70:7b:5e:e0:42:90:6e:e6:2c:1c:c3:94:93:21:4b:
84:d1:1e:64:db:55:ff:23:a3:55:cb:5d:b9:2d:3e:
0e:3b:72:cd:17:85:94:85:59:1e:c1:c6:cd:1d:20:
63:2c:d3:0f:da:67:ed:9f:31:04:d5:ae:99:5b:bc:
62:bc:30:d5:3c:c2:97:84:64:dc:2e:94:8e:c2:86:
28:f4:fe:8e:7c:3d:08:be:26:51:84:c5:47:e8:fc:
17:fc:6d:9f:65:02:d3:b9:0b:45:e8:c8:fd:3f:9f:
e1:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:A3:86:C8:26:F9:92:06:51:DC:09:BC:6F:CA:32:F2:BE:A4:BD:CA
X509v3 Authority Key Identifier:
keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/iKOGyCb5kgZR3Am8b8oy8r6kvco.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.233.0-45.141.234.255
78.159.128.0/23
78.159.131.0/24
78.159.136.0/22
78.159.149.0-78.159.150.255
78.159.152.0/22
78.159.157.0-78.159.159.255
91.92.34.0/23
91.92.40.0/24
91.92.42.0/24
91.92.44.0-91.92.46.255
91.92.49.0-91.92.53.255
93.152.207.0-93.152.208.255
93.152.210.0/23
93.152.214.0-93.152.218.255
93.152.221.0-93.152.223.255
93.152.226.0/23
94.26.28.0/23
94.26.76.0/22
94.26.89.0-94.26.90.255
94.190.195.0/24
185.96.252.0/22
212.102.105.0/24
212.102.107.0/24
Signature Algorithm: sha256WithRSAEncryption
b1:16:60:d5:80:80:26:79:b1:18:2d:6c:5e:43:ea:5f:44:47:
6e:09:a5:18:68:e9:70:21:f5:ce:2b:ed:97:fe:37:16:a0:2a:
9e:78:f6:0f:5c:1d:ad:35:50:6d:b0:ee:03:19:fa:40:dc:4d:
e7:c5:06:18:81:da:4e:f3:f8:e8:c3:e2:5d:62:4b:45:6d:30:
f1:15:c3:18:cf:d2:8e:b7:a9:83:59:cd:38:41:b6:90:78:23:
8b:3e:58:1c:ae:fc:91:6b:6c:0a:08:a0:48:ae:8b:03:11:66:
c3:b4:ed:88:26:c8:00:eb:97:f1:f7:1b:9d:cd:2a:3f:93:07:
cc:ad:fb:30:c7:fa:79:63:eb:28:e8:8f:17:d9:83:22:36:ef:
56:fe:10:86:e0:99:e5:c9:af:29:34:c2:50:10:7b:50:29:fc:
39:8c:32:5b:c7:a2:b0:15:3b:d3:ac:9d:99:73:43:1d:b3:bc:
2a:84:c7:b8:ca:25:65:7e:e2:37:73:e7:08:e4:c4:b1:87:9e:
62:23:6b:34:f6:7e:04:f6:64:76:4f:6e:50:c1:65:84:73:27:
eb:98:c5:c0:56:c4:34:a9:9b:dd:d1:6f:66:36:7b:cd:eb:f0:
9d:85:8e:f5:96:7b:b6:81:bd:f5:34:50:8d:43:9f:82:80:8a:
fb:c0:f6:04
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgISAZ0pfR97C3EGAfyaSpNHPVeBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjYwMzI2MDkzMjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGEzODZjODI2Zjk5MjA2NTFkYzA5YmM2ZmNhMzJmMmJlYTRiZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOR53M/W/mE2s7Gw9hAXL2N7mT+w
Gg+r7G3AXv2DY+D7g5g9+LdYsNU8vm8Kw3UKmmgB37pxStIHbqSkgiTkHTjnaTsA
/lLrC3dIPnI91LJZ5Qq6zaEtAazdWjCLF6TbDEUnpuZUzEoV0HVFuY0Jxq9qM+80
SsTLq0lriz4YhITnLkWqitUMzjbEVe3N5W95/OSFU0dwe17gQpBu5iwcw5STIUuE
0R5k21X/I6NVy125LT4OO3LNF4WUhVkewcbNHSBjLNMP2mftnzEE1a6ZW7xivDDV
PMKXhGTcLpSOwoYo9P6OfD0IviZRhMVH6PwX/G2fZQLTuQtF6Mj9P5/h4wIDAQAB
o4IC4DCCAtwwHQYDVR0OBBYEFIijhsgm+ZIGUdwJvG/KMvK+pL3KMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvaUtPR3lDYjVrZ1pSM0FtOGI4b3k4cjZrdmNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH1BggrBgEFBQcBBwEB/wSB5TCB4jCB3wQCAAEwgdgwDAME
AC2N6QMEAC2N6gMEAU6fgAMEAE6fgwMEAk6fiDAMAwQATp+VAwQATp+WAwQCTp+Y
MAwDBABOn50DBAVOn4ADBAFbXCIDBABbXCgDBABbXCowDAMEAltcLAMEAFtcLjAM
AwQAW1wxAwQBW1w0MAwDBABdmM8DBABdmNADBAFdmNIwDAMEAV2Y1gMEAF2Y2jAM
AwQAXZjdAwQFXZjAAwQBXZjiAwQBXhocAwQCXhpMMAwDBABeGlkDBABeGloDBABe
vsMDBAK5YPwDBADUZmkDBADUZmswDQYJKoZIhvcNAQELBQADggEBALEWYNWAgCZ5
sRgtbF5D6l9ER24JpRho6XAh9c4r7Zf+NxagKp549g9cHa01UG2w7gMZ+kDcTefF
BhiB2k7z+OjD4l1iS0VtMPEVwxjP0o63qYNZzThBtpB4I4s+WByu/JFrbAoIoEiu
iwMRZsO07YgmyADrl/H3G53NKj+TB8yt+zDH+nlj6yjojxfZgyI271b+EIbgmeXJ
ryk0wlAQe1Ap/DmMMlvHorAVO9OsnZlzQx2zvCqEx7jKJWV+4jdz5wjkxLGHnmIj
azT2fgT2ZHZPblDBZYRzJ+uYxcBWxDSpm93Rb2Y2e83r8J2FjvWWe7aBvfU0UI1D
n4KAivvA9gQ=
-----END CERTIFICATE-----
Generated at Thu Mar 26 16:15:32 2026 by rpki-client